This is an English translation of the German text, which is the sole authoritative version.
Data protection in general and the protection of personal data in particular have always been an important part of our procedures and processes - also because of our legal confidentiality obligation. The European wide applicable Basic Data Protection Regulation (DS-GVO) does not change our principle. However, we have adapted our previous procedures and processes to the European regulations.
Whether you are a client, prospect, applicant or visitor to our website, we respect and protect your privacy. Under no circumstances do we sell personal information to third parties.
In addition to this general data protection declaration, you will find further explanations on the DS-GVO page.
Your rights as an affected person
You can exercise the following rights at any time by contacting us via the contact options stated on the bottom of this page:
- Information about your data stored with us and their processing (Art. 15 DS-GVO),
- Correcting incorrect personal data (Art. 16 DPA),
- Deletion of your data stored with us (Art. 17 DS-GVO),
- Restriction of data processing, in case we are not yet allowed to delete your data due to legal obligations (Art. 18 DS-GVO),
- Objection to the processing of your data by us (Art. 21 DS-GVO) and
- Data transferability, provided you have consented to data processing or have concluded a contract with us (Art. 20 DS-GVO).
If you have given us your consent, you can revoke it at any time with effect for the future.
You may at any time submit a complaint to a supervisory authority, e.g. to the respective supervisory authority of the federal state of your residence or to the authority responsible for us as the responsible body.
A list of the supervisory authorities (for the non-public sector) with their addresses can be found on the BfDI website (partly in German).
To secure your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.
II. The entity responsible for data protection
The entity responsible for the purposes of the basic Data Protection Regulation (DS-GVO) and other national data privacy laws, such as the Federal Privacy Act (BDSG) or the Tele-Media Act (TMG) of the Member States, as well as other data protection regulations, is:
PKF hotelexperts GmbH
tel: +49 (0)89 29 032 200
(in the following briefly called PKF hotelexperts Munich)
PKF Munich is a member of the PKF International Limited Network. The network consists of legally independent member companies.
III. To whom does this Data Protection Regulation apply?
The DS-GVO protects sensitive data of all entities. PKF Munich store, use and transmit the personal data of clients, their shareholders or employees, exclusively to fulfill the respective order. This data is collected with the cooperation of the client or from information in public registers.
All other parties who come into contact with us, such as applicants, but also visitors to our website and persons who register on our website, are also protected.
IV. What data are we talking about?
According to Art 4 DS-GVO, personal data are all information relating to an individual (the person concerned): first and last name, address, birth name, birth date, tax number, tax identification number. Technical information, such as email address, telephone number, IP address, is considered to be personal if, together with the other information, it allows a person to be identified.
The category of ‘particularly sensitive data’ includes, for example, information on ethnic origin, religious affiliation, health data, trade union affiliation or children's data. Unless there is a special permit under Article 9 of the DS-GVO, this ‘particularly sensitive data’ is not collected when using our website.
V. Legal basis for processing
In so far as we obtain the consent of the persons concerned for processing of personal data, Article 6 para 1a DS-GVO serves as a legal basis. There is a ‘double Opt in’ procedure for consent to subscribe to our newsletter.
We have taken measures to ensure all processing is in accordance to Article 32 of the DS-GVO. Only authorized persons can access personal data (access, entry and access control). Our data networks and servers are protected by state of the art technology against unauthorized access. i.e. hackers. We encrypt your data in e-mail traffic in the most secure way technically possible, and as far as your IT technology is capable of decrypting the e-mail. Wherever this is not the case, you must give us written consent for unencrypted data exchange.
VII. Data erasure and storage time
The personal data of the entity concerned will be deleted or blocked as soon as the purpose of its collection is completed.
If the data is no longer required for the fulfilment of contractual or legal obligations, it is deleted, unless its temporary retention is required by law.
VIII. Provision of the website
1. Description and scope of data processing
For the technical implementation of our website we use the services of Thamm IT GmbH, Hasetorwall 3, 49076 Osnabrück. As soon as an internet user accesses this website potential identification data and other data are stored on the respective internet server. The National Tele-Media Act (TMG) stipulates in § 13 para 1 that the user is to be informed at the beginning of their interface session about the nature, scope and purpose of the collection and use of personal data.
The access logs of the web servers record which page calls have taken place at which time. They contain the following data: IP, directory protection user, date, time, pages called, logs, status code, data volume, referrer, user agent, host name called.
The IP addresses are stored anonymously. For this purpose the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are also anonymized. The anonymized IP addresses are stored for 60 days. Details of the directory protection user used are anonymized after one day.
Error logs, which log incorrect page views, are deleted after seven days. In addition to the error messages, these logs contain the accessing IP address and, depending on the error, the website called up.
2. Purpose of data processing
The temporary storage of the IP address by the system is necessary in order to enable the delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.
Storage of ‘Logfiles’ is conducted to ensure the functionality of the website. We also use the data to optimize the website and to ensure the safety of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
3. Duration of storage
Data will be deleted as soon as it is no longer required to achieve the purpose of its collection. In the event that data is collected to provide access to the site, this is the case when the respective session is terminated.
In the case of storing data in Logfiles, deletion takes place after 30 days at the latest. However, in some necessary cases it will be stored longer than the normal 30 days. In this case, the IP addresses of the users are deleted or alienated, so that mapping of the calling client is no longer possible (s. above).
4. Special rights
Please refer to sections XIII to XVIII of the special rights in dealing with personal data.
It is possible for users to subscribe to and receive a free newsletter via our website. When registering for the newsletter, the data from the input form such as name, company and e-mail address is stored. We use this data exclusively for the personalization and execution of our mailings. In order to prevent the misuse of e-mail addresses, subscribers must confirm their subscription to our newsletter by e-mail in an automated process (double opt-in).
We transmit our newsletters with the software CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. By ordering our newsletter, you agree that your data may be stored on CleverReach. We have a contract with CleverReach GmbH & Co. KG for the processing of personal data according to DS-GVO.
Furthermore, you allow us to use the tracking options of CleverReach for the purpose of evaluation (opening behavior, click behavior, etc.). You can revoke your consent to the storage and use of your personal data by PKF hotelexperts Munich at any time. This can be done via a link in our newsletters, the unsubscribe form (English newsletter) or via the further contact options stated on the website. If you have ordered both our English and German newsletter, please note that you have to unsubscribe separately, as these are different mailing lists. For this purpose you will find the unsubscribe form for the German newsletter here.
X. Contact form and e-mail contact
On our website you can use our contact form. If you use this feature, information provided within the form such as first and last name, company, position, phone-number and e-mail address will be submitted and saved.
The purpose of processing personal data collected within the form is to handle your inquiry when contacting us. When contacting us you consent on processing the data provided and we therefore refer to this privacy statement.
Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored. Data is only used in order to process your inquiry.
In our online forms we use Captcha to determine if a human or a computer makes a specific input on our forms. The legal basis for the described data processing is Article 6 (1) (f) of the General Data Protection Regulation. There is a legitimate interest on our part regarding this data processing to ensure the security of our website and to protect us from automated input (attacks).
To determine the preferred visited pages of the PKF hotelexperts Munich website, aggregated statistics about website visits will be created.
You have the choice to decide whether to accept cookies or not. You can set your browser to inform you, when you receive a cookie or you can use your legal right to object by rejecting cookies in your browser settings. To find out how to change the browser settings, please refer to your browser’s manual.
If you do not accept cookies, you may not be able to use the full range of website features.
XII. Social Plugins
Our website uses social plugins for the following social networks:
Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
Twitter, which is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA;
LinkedIn, which is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043,USA;
XING, which is operated by Xing AG, Dammtorstraße 30, 20354 Hamburg, Deutschland.
These social-plugins are displayed using their logo. When these logos are clicked by you, they will connect you directly to the servers of Facebook, Twitter, XING or LinkedIn through your browser. Facebook, Twitter, XING or LinkedIn receive the information/data by you accessing websites containing the Social Plugin. This happens even when you are not logged into Facebook, Twitter, XING or LinkedIn or do not have a corresponding account.
But as long as you have a corresponding account and are logged in at the time on Facebook, Twitter, XING or LinkedIn the visit to our site and all of your interactions in the context of the social plugins (e.g. writing a comment etc.) can be saved and stored on your Facebook, Twitter, XING or LinkedIn account.
Regarding the purpose and scope of data collection as well as the use and processing of data by these providers and your rights and options in respect to protecting your privacy, please see the privacy policies of Facebook, Twitter, XING and LinkedIn.
To prevent Facebook, Twitter, XING or LinkedIn from collecting the data mentioned above through your visit on our website, log out before you visit our website on the respective platform.
XIII. Changes to our privacy notice
We reserve the right to change this privacy statement from time to time to ensure that it complies with current legal requirements or to implement changes to our services in the privacy statement, e.g. when introducing new services. Every new visit will be subject to the new privacy statement.
XIV. Right to information / cancellation / revocation
The data protection regulations grant the user to obtain information from the operator of the website free of charge as to which personal data is stored. In addition, the user is entitled to initiate the deletion, blocking or correction of incorrect data if no statutory retention obligation is to be applicable. You can make changes or revoke your consent by notifying us with effect for the future.
If you have any questions regarding privacy issues at PKF hotelexperts, feel free to contact us at any time:
PKF hotelexperts GmbH